'''
conditions go here

conditions should check the user object from the wsgi environ 
and return true of false
'''

# these should probably be classes, like in TG1
# might even be able to just use the TG1 conditions themselves

def AlwaysFail():
    return False
    
def AlwaysPass():
    return True

#this is re-defined below
#def not_anonymous():
#    pass
    
'''
from Tg1 identity...

not_anonymous()

in_group("admin")
in_all_groups("admin", "editor")
in_any_group("admin", "editor")

has_permission("edit")
has_all_permissions("edit", "delete", "update")
has_any_permission("edit", "delete", "update")

from_host("127.0.0.1")
from_any_host(("127.0.0.1", "10.0.0.1"))

All()
Any()
'''

'''
other possible conditions:

- check a list of users for membership
- ???
- roles
'''



class AuthorityCondition(object):
    '''Base class for condition objects.
    
    '''
    def __init__(self):
        pass

    def __call__(self, user):
        raise NotImplementedError


class not_anonymous(AuthorityCondition):
    def __init__(self):
        pass

    def __call__(self, user):
        if user.name != 'anonymous':
            return True
            
        return False

class is_user(AuthorityCondition):
    def __init__(self, username):
        self.username = username
        
    def __call__(self, user):
        if user.name == self.username:
            return True
            
        return False

class is_one_of(AuthorityCondition):
    def __init__(self, userlist):
        self.userlist = userlist
        
    def __call__(self, user):
        if user.name in self.userlist:
            return True
        
        return False

class in_group(AuthorityCondition):
    def __init__(self, group_name):
        self.group = group_name

    def __call__(self, user):
        if self.group in user.groups:
            return True

        return False


class in_all_groups(AuthorityCondition):
    def __init__(self, grouplist):
        self.grouplist = grouplist

    def __call__(self, user):
        g = [grp for grp in self.grouplist if grp in user.groups]
        if g == self.grouplist:
            return True

        return False


class in_any_groups(AuthorityCondition):
    def __init__(self, grouplist):
        self.grouplist = grouplist

    def __call__(self, user):
        g = [grp for grp in self.grouplist if grp in user.groups]
        if g != []:
            return True

        return False


class has_permission(AuthorityCondition):
    def __init__(self, perm_name):
        self.perm = perm_name

    def __call__(self, user):
        if self.perm in user.permissions:
            return True

        return False


class has_all_permissions(AuthorityCondition):
    def __init__(self, permlist):
        self.permlist = permlist

    def __call__(self, user):
        p = [perm for perm in self.permlist if perm in user.permissions]
        if p == self.permlist:
            return True

        return False


class has_any_permissions(AuthorityCondition):
    def __init__(self, permlist):
        self.permlist = permlist

    def __call__(self, user):
        p = [perm for perm in self.permlist if perm in user.permissions]
        if p != []:
            return True

        return False

